Chief Compliance Officer (CCO)

The Chief Compliance Officer (CCO)

The Chief Compliance Officer, one of the most important members of the management team, is primarily responsible for overseeing compliance within an organization, and ensuring compliance with laws, regulatory requirements, policies, and procedures.

As the compliance leader and subject matter expert, the CCO is responsible for establishing standards and implementing procedures to ensure that the compliance programs throughout the organization are effective and efficient in identifying, preventing, detecting, and correcting noncompliance with applicable laws and regulations.

The CCO has to provide reasonable assurance to senior management and the Board that there are effective and efficient policies and procedures in place, well understood and respected by all employees, and that the company is complying with all regulatory requirements.

The CCO must report directly to the Chief Executive Officer. The CCO must also inform the Board about important issues and material violations.

These are some of the Chief Compliance Officer's responsibilities:

- Defining the necessary level of knowledge on existing and emerging regulatory compliance requirements across the organization.

- Developing the annual compliance work plan that reflects the organization's unique characteristics.

- Periodically revising the compliance plan in light of changes.

- Guiding the compliance teams in a productive, professional way.

- Overseeing and monitoring the implementation of the compliance program.

- Providing guidance, advice, and training.

- Providing strategic direction to the management team on compliance.

- Preparing and presenting clear and concise compliance reports to the Board.

- Interacting with regulators on compliance issues.

- Coordinating efforts related to audits, reviews, and examinations.

- Developing policies and programs that encourage managers and employees to report suspected fraud and other improprieties, without fear of retaliation.

- Coordinating internal compliance review and monitoring activities, including periodic reviews of departments.

- Independently investigating and acting on matters related to compliance.

- Monitoring external review processes.

Challenges for the Chief Compliance Officer (CCO)

Challenge 1: The role is not clearly or properly defined.

Challenge 2: There are conflicts of interest.

Challenge 3: The CCO is not independent.

Challenge 4: The CCO does not report directly to the Board.

Challenge 5: The CCO's appointment and termination are not decided solely by the Board.

Challenge 6: The CCO does not have the financial and human resources necessary to do the job.

Challenge 7: There are no effective monitoring and reporting policies and procedures in place, and the CCO can do nothing about that.

Chief Compliance Officers (CCOs) are more important after 2002

In 2002, SEC commissioner Cynthia Glassman explained the need for a "corporate responsibility officer." This is what she said:

"In terms of trying to personify the corporate conscience, there is something not specifically required, but which I feel is essential nonetheless.

While the CEO cannot delegate his or her ultimate responsibility, to fully carry out the mandate of Sarbanes-Oxley and the Commission's rules, a company should have an officer with ownership of corporate compliance and ethics issues, and of what Title III of Sarbanes-Oxley broadly refers to as "Corporate Responsibility."

While every company must assess its particular needs based on the size and nature of its business, there are several characteristics that I would want the corporate responsibility officer to have if I were relying on this person:

1. He or she should have sufficient seniority and authority to take the actions necessary under the circumstances. To assess whether your corporate responsibility officer meets this requirement, ask yourself if the person would be able to address the worst-case scenario.

2. The position should have the full support of the CEO and senior management, both in theory and in practice. The corporate responsibility officer should have access and provide regular reports to senior management. In this regard, he or she can play an important role in helping a company meet the information gathering and reporting requirements contained in the Commission's new internal control and certification rules.

3. Although regular board reports on compliance and controls seem advisable, even if they do not occur regularly, the corporate responsibility officer should have the ability to report directly to the board (for example, to the audit committee chairman) on matters of significant import to the company or matters involving misconduct by senior management.

4. In addition, the responsible officer should have sufficient time and adequate resources to implement the company's corporate responsibility program in an effective manner. The best written code of ethics will be worthless if the company starves the budget of the officer who has to implement it."

SEC commissioner Cynthia Glassman discussed the need for a corporate responsibility officer, after examining some of the examples history provides with respect to corporate scandals.

Some History on Corporate Scandals

"In thinking about themes underlying recent legislation and rules, it is useful to begin by examining some of the examples history provides with respect to corporate scandals -- to look both at the common threads that run throughout and also at what distinguishes the recent spate of scandals from those that preceded them. As economist John Kenneth Galbraith commented, "[t]he man who is admired for the ingenuity of his larceny is almost always rediscovering some earlier form of fraud. The basic forms . . . have all been practiced." Some examples from history show this to be all too true:

1. For starters, it is part of securities industry folklore that organized trading in America was born out of scandal. What is presently the New York Stock Exchange arose out of a financial crisis caused largely by a real estate speculator named William Duer, who leveraged his speculative investments to such a degree that he was unable to repay his loans. Duer's personal failure was followed by the failure of several banks that lent him money, and then by the organization of traders who, underneath a Buttonwood tree in lower Manhattan, formed the exchange in the hope that the events would not be repeated.

2. In the late 1800s, the promise that rail transportation would boost productivity and completely change the business paradigm led to rampant speculation in companies involved in railroad production. Analyzing the situation after the railroad bubble burst, financier Henry Clews noted in 1891 that the resulting crises "were chiefly due to an excessive diversion of capital into the building of railroads, and also the fact that the new companies were organized upon a grossly speculative and inflated basis." Sound familiar? He also expressed dismay at "[t]he extent to which not only large promoting companies, but even banking-houses of high repute, have been involved in floating these new issues."

3. In the early 1900s, the failure of United Copper Company and the inability of one of its affiliated banks to satisfy customer withdrawal demands caused another run on banks and forced investors to re-evaluate United Copper's business model. Shareholders in United Copper saw the share price plummet from $84 to $10 per share in a single day.

4. In 1929, of course, we had the Great Crash. An interesting parallel to today's issues was the way some companies assisted their officers after the market crashed in 1929. National City Bank, for example, created a "morale loan fund" for officers who had over-leveraged themselves in the securities markets. The company made about $2 million in interest-free, uncollateralized loans to National City officers. Three years later only five percent of the loans were repaid.

Skipping ahead to more modern history, I would like to share a description I recently came across which I found particularly insightful. It provided the following summary of events:

The distribution of securities by companies that had not made a previous public offering reached the highest level in history. This activity in new issues took place in a climate of general optimism and speculative interest. The public eagerly sought stocks of companies in certain "glamour" industries, especially the electronics industry, in the expectation that they would rise to a substantial premium - an expectation that was often fulfilled. Within a few days or even hours after the initial distribution, these so-called hot issues would be traded at premiums of as much as 300 percent above the original offering price. In many cases the price of a "hot" issue later fell to a fraction of its original offering price.

This passage, of course, is not describing the Internet bubble of the 1990s, but rather speculation in electronics stocks in the late 1950s and early 1960s, which was documented in the Commission's "Special Study of the Securities Markets" - published in 1963.

Although many political, economic, social and psychological factors can lead to a market crisis, there seem to be enough common threads to these stories to suggest that the issues confronting us today are far from new. Much of the behavior we have witnessed recently - greed, sacrificing strategic interests for instant gratification, promoting self-interest over fiduciary responsibility, suspension of rational investment decision-making, and loose lending practices coupled with rampant speculation - has plagued business and the markets throughout recorded history."

Annual Report 2021, Citigroup Inc. - about the Chief Compliance Officer (CCO)

Second Line of Defense: Independent Risk Management

Independent risk management units are independent of front line units. They are responsible for overseeing the risk-taking activities of the first line of defense and challenging the first line of defense in the execution of their risk management responsibilities.

They are also responsible for independently identifying, measuring, monitoring, controlling and reporting aggregate risks and for setting standards for the management and oversight of risk. Independent risk management is comprised of Independent Risk Management (IRM) and Independent Compliance Risk Management (ICRM) and are led by chief risk executives (i.e., Chief Risk Officer (CRO) and Chief Compliance Officer (CCO)) who have unrestricted access to the Citigroup Board of Directors and its Risk Management Committee to facilitate the ability to execute their specific responsibilities pertaining to escalation to the Citigroup Board of Directors.

Independent Risk Management

The IRM organization sets risk and control standards for the first line of defense and actively manages and oversees aggregate credit, market (trading and non-trading), liquidity, strategic, operational and reputation risks across Citi, including risks that span categories, such as concentration risk, country risk and climate risk.

IRM is organized to align to risk categories, legal entities/regions and Company-wide, cross-risk functions or processes (i.e., foundational areas). There are teams that report to an independent CRO for various risk categories and legal entities/regions. In addition, there are foundational teams that report to Foundational Risk Management heads. The Risk Category, Legal Entity/Regional CROs and Foundational Risk Management Heads report to the Citigroup CRO.

Independent Compliance Risk Management

The ICRM organization actively oversees compliance risk across Citi, sets compliance risk and control standards for the first line of defense to manage compliance risk and promotes business conduct and activity that is consistent with Citi’s Mission and Value Proposition and the compliance risk appetite. Citi’s objective is to embed an enterprise-wide compliance risk management framework and culture that identifies, measures, monitors, controls and escalates compliance risk across Citi.

ICRM is aligned by product line, function and geography to provide compliance risk management advice and credible challenge on day-to-day matters and strategic decision-making for key initiatives. ICRM also has program-level Enterprise Compliance units responsible for setting standards and establishing priorities for program-related compliance efforts. These Compliance Risk Management heads report directly to the CCO.

Annual Report 2020, J.P. MORGAN AG - about the Chief Compliance Officer (CCO)

The various business segments, Banking (consisting of Global Investment Banking, Wholesale Payments and Lending), Markets, Securities Services and Commercial Bank, prepare detailed presentations for the meetings of the Management Board.

These presentations are key to discuss business developments in the past month and developments in key performance indicators (KPIs) as well as in key risk indicators (KRIs) of the various segments.

The Chief Financial Officer (CFO), the Chief Risk Officer (CRO), the Chief Compliance Officer and the Head of Internal Audit also provide their up-to-date reports.

In addition, the implementation of the group-wide Brexit strategy by J.P. Morgan AG with regard to client activation, transfer of assets, capital planning and staffing has been monitored during the meetings of the Management Board. The Board meetings are minuted by a member of the legal department.

Compliance is led by the J.P. Morgan AG Chief Compliance Officer (“CCO”) who reports to the entity’s CRO. The entity maintains oversight and coordination of its compliance risk through the implementation of the CCOR Framework.

Roche Group Code of Conduct - about the Chief Compliance Officer (CCO)

The Chief Compliance Officer (CCO) with the Compliance Officers network is committed to ensuring that the Roche Group Code of Conduct is consistently complied with throughout the Roche Group.

The Chief Compliance Officer also serves as a contact for employees, shareholders, business partners, customers and the general public on issues relating to the implementation of and compliance with the Roche Group Code of Conduct.

A local Compliance Officer has been appointed in each Roche affiliate with the following responsibilities, in particular, but not limited to:

– ensuring that employees know where they can ask for help and advice if they have doubts about the correct business behaviour;

– networking and collaborating with local, regional and global compliance experts in order to identify and take advantage of synergies between Pharmaceuticals and Diagnostics;

– coordinating local compliance endeavours, initiatives and training programmes;

– supporting and conducting compliance monitoring, compliance controls and compliance audits;

– supporting Line Management in the local integrity risk-management processes;

– supporting Line Management in the adequate handling of local non-compliance cases, including reporting in the Business Ethics Incident Reporting (BEIR) system;

– encouraging employees to speak up if they have a compliance concern.

The Chief Compliance Officer coordinates the network of the local Compliance Officers and makes sure that best practice examples are regularly exchanged and shared within the network and that global Compliance tools are continuously reviewed and updated.

Annual Report 2021, Barclays PLC - about the Chief Compliance Officer (CCO)

Organisation and structure

The Conduct Risk Management Framework (CRMF) outlines how the Group manages and measures its Conduct risk profile.

The Group Chief Compliance Officer is accountable for developing, maintaining and overseeing the CRMF.

This includes defining and owning the relevant Conduct risk policies which detail the control objectives, principles and other core requirements for the activities of the Group.

It is the responsibility of the first line of defence to establish controls to manage its performance and assess conformance to these policies and controls.

A selection of tools are used to manage and assess Conduct risk, including:

(i) the Risk and Control Self-Assessment (RCSA) is the Group-wide approach for businesses to identify and regularly assess material risks and their associated controls, in order to mitigate these risks and reduce the likelihood and/or severity of losses to Barclays;

(ii) the Strategic Risk Assessment (SRA) focuses on non-financial risks and is the tool used to annually identify potential forward-looking Conduct risks that may arise due to a particular strategy, business model or activity, or any potential regulatory, market or industry changes; and

(iii) the Delivered Risk Assessment (DRA) assesses the risks that a change initiative may create once delivered.

The governance of Conduct risk within the Group is fulfilled through management committees and forums operated by the first and second lines of defence, with clear escalation and reporting lines to the Board.

Barclays Internal Audit (BIA) provides independent assurance on the effectiveness of Conduct risk management to the Board and senior management.

The Barclays Group and Barclays Bank Group Risk Committee is the most senior executive body responsible for the oversight of the Conduct Risk Profile.

The risk committees’ responsibilities include the identification and discussion of any emerging Conduct risk exposures in their respective entities.

Organisation, roles and responsibilities

Barclays PLC Board is the most senior body responsible for reviewing and monitoring the effectiveness of the Group’s management of reputation risk.

The Group Chief Compliance Officer is accountable for developing a Reputation Risk Management Framework (RRMF), and the Group Head of Public Policy and Corporate Responsibility is responsible for developing a reputation risk policy and associated standards, including tolerances against which data is monitored, reported on and escalated, as required.

The RRMF sets out what is required to manage reputation risk across the Group. The primary responsibility for identifying and managing reputation risk and adherence to the control requirements sits with the business and support functions where the risk arises.

Barclays Bank Group and Barclays Bank UK Group are required to operate within established reputation risk appetite, and their component businesses prepare reports highlighting their most significant current and potential reputation risks and issues and how they are being managed.

These reports are a key internal source of information for the quarterly reputation risk reports which are prepared for Barclays Group ExCo and the Board.

The Group Reputation Risk Committee is a sub-committee of the Group Executive Committee, authorised to manage material reputation risks and issues as they are brought to the attention of the committee via relevant reputation risk assessment and escalation processes.

Annual Report 2020, BHP, a leading global resources company - about the Chief Compliance Officer (CCO)

Ethics and compliance, and assurance

The Risk and Audit Committee (RAC) received, at its request, increased regularity of reporting from the Chief Compliance Officer on trends in reporting to EthicsPoint and details on consistency in disciplinary outcomes for breaches of Our Code of Conduct (Our Code) which sets out standards of behaviour for our people. The RAC also discussed the introduction of assurance over risk culture by the Internal Audit and Advisory team.

Effectiveness of systems of internal control and risk management (RAC and Board)

In delegating authority to the CEO, the Board has established CEO limits, outlined in the Board Governance Document. Limits on the CEO’s authority require the CEO to ensure there is a system of control in place for identifying and managing risk in BHP. Through the RAC, the Directors regularly review these systems for their effectiveness. These reviews include assessing whether processes continue to meet evolving external governance requirements.

The RAC oversees and reviews the internal controls and risk management systems. Any material breaches of Our Code, including breaches of our anti-bribery and corruption requirements, as well as any material incidents reported under our ‘speaking up with confidence’ requirements are reported quarterly to the RAC by the Chief Compliance Officer.

These reports are then communicated to the Board through the report-out process. In undertaking this role, the RAC reviews:

• procedures for identifying, assessing and managing material risks and controlling their impact on the Group, and other stakeholders where relevant, and the operational effectiveness of these procedures

• processes and systems for managing budgeting, forecasting and financial reporting

• the Group’s strategy and standards for insurance

• the Group’s standards and procedures for reporting reserves and resources

• the Group’s standards and procedures for closure and rehabilitation provision

• standards and practices for detecting, reporting and preventing fraud, serious breaches of business conduct and whistleblowing procedures supporting reporting to the Committee

• procedures for ensuring compliance with relevant regulatory and legal requirements

• arrangements for the protection of the Group’s information and data systems and other non-physical assets

• operational effectiveness of the Business RAC structures

• overseeing the adequacy of the internal controls and allocation of responsibilities for monitoring internal financial controls

Annual Report 2021, Adidas - about the Chief Compliance Officer (CCO)


We consider compliance with the law as well as with external and internal regulations to be imperative.

The Executive Board sets the tone from the top. Every employee is required to act ethically and in compliance with the law as well as with internal and other external regulations while executing the company’s business. We believe adidas Fair Play will prevent the majority of potential compliance issues. For that reason, we have specific measures to detect and respond to any concerns. We realize, however, that no compliance system can eliminate all violations.

The adidas Chief Compliance Officer oversees the company’s Compliance Management System (CMS). We see compliance as all-encompassing, spanning all business functions throughout the entire value chain. Our central Compliance team works closely with Regional Compliance Managers and Local Compliance Officers to conduct a systematic assessment of key compliance risks on a yearly basis. In addition, the central Compliance team regularly conducts compliance reviews within selected entities. Due to widespread pandemic-related travel restrictions in 2021, the reviews have been postponed to 2022.

The company’s CMS is based on the OECD Principles of Corporate Governance. It refers to the OECD Guidelines for Multinational Enterprises and is designed to:

─ support the achievement of qualitative and sustainable growth through good corporate governance,

─ reduce and mitigate the risk of financial losses or damage caused by non-compliant conduct,

─ protect and further enhance the value and reputation of the company and its brand through compliant conduct, and

─ preserve diversity by fighting harassment and discrimination.

The Fair Play Code of Conduct and our CMS are organized around three pillars: prevent, detect, and respond.

─ Prevention: The Compliance team regularly reviews and updates the CMS as necessary. In addition to the revised Fair Play Code of Conduct mentioned above, we also introduced an Anti-Harassment and Anti-Discrimination Policy in September 2020, emphasizing adidas’ renewed initiative to prevent and fight harassment and discrimination in the workplace. Management also shares compliance-related communication, and the Compliance department provides mandatory training to all employees globally during onboarding and in regular, repeated cycles.

The Compliance team and partners also provide targeted in-person compliance training as appropriate with senior management and newly promoted or hired senior executives across the globe in order to further enhance the compliance ‘tone from the top,’ as well as the ‘tone from the middle.’ We closely monitor the completion rates for these training measures and continuously update our web-based training.

Also in 2021, the company launched trainings on several topics, including information security, procurement, and ‘Diversity, Equity, and Inclusion’ (‘DEI’). We also focused on strengthening cooperation between the Compliance team and the Internal Audit, the Group Policies and Internal Controls, and the Risk Management departments.

─ Detection: adidas has whistleblowing procedures in place to ensure timely detection of potential infringements of statutory regulations or internal guidelines. Employees can report compliance concerns internally to their supervisor, the Chief Compliance Officer, Regional Compliance Managers or Local Compliance Officers, the relevant HR Manager, or, where applicable, the Works Council.

Employees can also report externally via the independent, confidential Fair Play hotline and website, which also allow for anonymous complaints. The Fair Play hotline and website are available at all times worldwide, including the services of interpreters, if required. They are promoted digitally and with posters to reach all our locations around the world. The company’s continuous work to identify potential compliance violations accelerated in 2021 through several initiatives related to the Global ‘Diversity, Equity, and Inclusion’ (‘DEI’) Program.

─ Response: Appropriate and timely response to compliance violations is essential. The Chief Compliance Officer leads all investigations in cooperation with an established team of Regional Compliance Managers and a global network of Local Compliance Officers. We track, monitor, and report potential incidents of non-compliance worldwide.

In 2021, we recorded 485 potential compliance violations (2020: 414). Most importantly, insights gained from the investigation of past violations are used to continuously improve the CMS. Where necessary, we react promptly to confirmed compliance violations, through appropriate and effective sanctions ranging from warnings to termination of employment contracts. In addition, in 2021, the Compliance team strengthened its relationship with the HR organization, a key partner in many compliance matters, especially those related to harassment and discrimination.

Apple Inc., Notice of 2022 Annual Meeting of Shareholders and Proxy Statement - about the Chief Compliance Officer (CCO)

Legal and Regulatory

Together with the Audit Committee, Apple’s Board takes an active role in overseeing legal and regulatory risks related to Apple’s business. The Board receives regular updates from Apple’s General Counsel and Apple’s Chief Compliance Officer on legal and regulatory developments affecting the company, including updates on legislative developments, government investigations, litigation, and other legal proceedings.

Antitrust Compliance

The Audit Committee oversees Apple’s antitrust compliance program. Apple’s Antitrust Compliance Officer is responsible for the development, review, and execution of Apple’s Antitrust Compliance Program and, together with Apple’s General Counsel and Apple’s Chief Compliance Officer, regularly reports to the Audit Committee. These reports include the alignment of the program with Apple’s potential antitrust risks, and the effectiveness of the program’s design in detecting and preventing antitrust issues and promoting compliance with laws and Apple’s policies.

Business Conduct and Global Compliance

The Audit Committee regularly reviews and discusses with management Apple’s business conduct and compliance risks. Apple’s Chief Compliance Officer is responsible for the development, review, and execution of Apple’s Business Conduct and Global Compliance program and regularly reports to the Audit Committee. These reports include the program’s support and validation of Apple’s principles of conducting business ethically, honestly, and in compliance with applicable laws; the effectiveness of the program’s design in detecting and preventing business conduct violations, and promoting ethical business conduct and compliance with applicable laws and Apple policies; as well as results of program evaluations.

Business Conduct Policy

Apple seeks to conduct business ethically, honestly, and in compliance with laws. Apple’s code of ethics, titled “Business Conduct: The way we do business,” sets out the principles that guide Apple’s business practices – honesty, respect, confidentiality, and compliance. The code applies to all employees, including Apple’s principal executive officer, principal financial officer, and principal accounting officer. Relevant sections of the code also apply to the Board. Apple expects its suppliers, contractors, consultants, and other business partners to follow the principles set forth in the code when providing goods and services to Apple or acting on its behalf. The code is available at Business-Conduct-Policy.pdf.

Apple intends to disclose any changes or waivers from this code by posting such information to our website if such disclosure is required by SEC or Nasdaq rules. Apple’s code is managed by the Business Conduct organization, under the oversight of Apple’s Chief Compliance Officer. Employees are required to complete training on the code upon joining Apple and annually thereafter. With input from relevant stakeholders and executive leadership, we regularly review and update Apple’s code and related policies to ensure they provide clear, actionable guidance to our employees, executive officers, and directors.

Annual Report 2020, Daimler - about the Chief Compliance Officer (CCO)

Compliance organization

Our compliance and legal affairs organizations are structured divisionally, regionally and along the value chain. As a result, they can provide effective support — for example, by means of guidelines and advice. Contact persons are available to each function, division and region. In addition, a global network of local contact persons makes sure that our compliance standards are met. The contact persons also help the management at the Group companies implement our compliance program at their respective sites.

The Daimler Compliance Board provides guidance regarding overarching compliance topics and monitors activities to see whether our compliance measures are effective. The Board’s mission is to react promptly to changes in business models and the business environment, deal with regulatory developments and continuously enhance the CMS. The Compliance Board consists of representatives of the compliance and legal affairs departments. It generally meets four times a year with additional meetings for cause and is chaired by the Chief Compliance Officer.

Involvement of company management

The Chief Compliance Officer, the Vice President & Group General Counsel and the Vice President Legal Product & Technical Compliance report directly to the Member of the Board of Management for Integrity and Legal Affairs and to the Audit Committee of the Supervisory Board. They also report regularly to the Board of Management of Daimler AG on matters such as the status of the CMS and its further development, as well as the whistleblower system BPO.

In addition, the Vice President & Group General Counsel regularly reports to the Antitrust Steering Committee and the Group Risk Management Committee. The Chief Compliance Officer and the Vice President Legal Product & Technical Compliance also report to the Group Risk Management Committee. The structure of the reporting lines safeguards the compliance officers’ independence from the business divisions.

Compliance risks

We examine and evaluate our Group companies and corporate departments systematically each year in order to minimize compliance risks. In this process we use, for example, centrally available information about the Group companies and corporate departments, such as revenue, business models and relations with business partners. If necessary, other locally sourced information is supplemented. The results of these analyses are the foundation of our compliance risk control.

Compliance program

Our compliance program comprises principles and measures that are designed to minimize compliance risks and prevent violations of laws and regulations. The individual measures are based on the knowledge gained through our systematic compliance risk analysis.

We focus, among other things, on the following aspects: the continuous raising of awareness of compliance issues, the systematic tracking of information received regarding misconduct and the formulation of clear standards for the behavior of our business partners. We address all of these points in greater detail in a later section.

Compliance on the part of our business partners

We expect not only our employees to comply with laws and regulations. We also require our sales partners and suppliers to adhere to clear compliance requirements, because we regard integrity and conformity with regulations as a precondition for trusting cooperation. In the selection of our direct sales partners and in our existing sales partnerships, we therefore ensure that our partners comply with laws and regulations and observe ethical principles. In financial year 2020, we refined and made full use of our globally standardized process for the effective and efficient assessment of all new sales partners and the step-by-step re-evaluation of our existing sales partners (Sales Business Partner Due Diligence Process).

Our continuous monitoring in this area is designed to ensure that we can identify possible integrity violations by our sales partners. We also reserve the right to terminate cooperation with, or terminate the selection process for, any sales partner who fails to comply with our standards. In addition, we work with our procurement units to continuously improve our processes for selecting and cooperating with suppliers.

Our global Daimler Sustainability Standards apply in this area. On the basis of these standards and our Integrity Code, we make available to each of our suppliers and sales partners a specific Compliance Awareness Module developed with their activities in mind. This module is intended to sensitize them to current integrity and compliance requirements such as those related to anti-corruption measures and technical Compliance. Through these measures we also offer our business partners assistance for dealing with possible compliance risks.

Case Study 1: Job description, Chief Compliance Officer, Texas Capital Bank, Richardson, TX.


- Act as the compliance leader, strategist and subject matter expert assessing and advising on existing and emerging regulatory compliance requirements across the organization.

- Represent the state of Compliance Risk to Executive Management, Regulators, and the Board of Directors.

- Oversee the development and evolution of the annual compliance work plan and periodically revisit the plan in light of regulatory and organization risk appetite changes.

- Develop and maintain strong relationships with senior leaders, including executive management and related control groups to ensure a cohesive approach to compliance and risk management.

- Provide guidance, advice, and/or training to all lines of business (LOBs) to improve LOBs' understanding of related laws and risk appetite.

- Support key growth initiatives tied to the company’s strategic plan.

- Maintain strong professional relationships and open lines of communication with bank regulators, taking the lead in managing examinations and other ongoing regulatory interactions.

- Drive the company’s core compliance processes including risk assessments and testing of relevant regulations, measurement and adherence to compliance metrics, and lead all internal/external reporting on the overall state of compliance.

- Collaborate with other risk stakeholders to proactively identify and assess risk inherent to their processes, assess their controls, and help mitigate the risk of potential business disruption, loss of revenue or reputation resulting from inadequate or failed internal processes/systems, human activities or external events.

- Effectively manage, motivate and develop a high performing team of compliance professionals.

- Develop and maintain a compliance environment that encourages all bank employees or contractors to report suspected fraud and other improprieties without fear of retaliation.

- Oversee the development and maintenance of an independent investigations of appropriate scope and scale, to investigate, evaluate and resolve compliance issues.

- Oversee the vendor compliance oversight program measuring and monitoring the compliance of third party goods and services delivered against defined bank and regulatory requirements.

- The duties listed above are the essential functions, or fundamental duties within the job classification. The essential functions of individual positions within the classification may differ. Texas Capital Bank may assign reasonably related additional duties to individual employees consistent with standard departmental policy.

Case Study 2: Job description, US Chief Compliance Officer, Revolut, New York, NY.

Compliance is a key team that ensures Revolut’s products and processes meet the wording and spirit of regulatory requirements, then translate this into good customer outcomes. Compliance also facilitates open and transparent relationships with our regulators.

The Compliance team brings Revolut’s commitment to improving all aspects of finance to risk management. We are far more data-led than similar functions within other companies; our team has both a strong understanding of regulatory requirements and also the ability to find solutions and carry out testing in a purely digital environment. Join a team that knows that better people and machines are the most effective way of managing conduct risk.

We are looking for a Chief Compliance Officer to join our team in the US to maintain the Compliance Management System, advise on the localization of products and features to comply with US regulation, and support the compliance section of the bank application.

What You’ll Be Doing.

- You will be leading our US compliance function.

- Act as a check and balance on the business and assure that compliance risk taking is within risk appetite.

- Advise the business on localizing products and features for the US regulatory environment and advise on remediation of Compliance issues.

- Evaluate business objectives and regulatory developments, and propose compliance solutions within the firm's risk tolerance and regulatory requirements.

- Anticipate changes in regulatory regimes and implement the appropriate changes with our policy and procedure owners.

- Participate in the US Executive Risk Committee and US Board Risk and Compliance Committee; prepare regulatory and management reports.

- Responsible for managing our regulatory relationships and strategy globally.

- Manage the local framework for policies and procedures.

- The role doesn't include FinCrime opportunities.

Case Study 3: Job description, Chief Compliance Officer, Antier Solutions, Chandigarh, India.

Job Description.

- Should have strong knowledge of European banking regulations and should be able to oversee and manage compliance issues within the company and for its clients.

- Ensure that the organization / Startups are in compliance with various regulatory requirements.

- Investigate any incident or violations for legal or regulatory requirements.

- Identify potential vulnerabilities and be able to address these head-on with corrective measures.

- Overseeing compliance within an organization, and ensuring compliance with laws, regulatory requirements, policies and procedures.

- Providing strategic direction to the management team on compliance.

- Interacting with regulators on compliance issues.

- Coordinating efforts related to audits, reviews, and examinations.

- Interact with senior management, faculty, staff and/or government agency officials, to represent and promote the development of strategic compliance programs to further university awareness on related initiatives.

- Develop an ongoing campaign to heighten awareness of the various university's main campus compliance programs, disseminate compliance information and collect employee feedback as appropriate.

- Should have strong knowledge about European Open Banking regulations.

- Should be aware of FCA UK compliance regulations and requirements.

- Should have a strong grip of compliance requirements for building Crypto friendly Banking Solutions which would include IBANS Accounts and linked Debit Cards, KYC/AML, Fiat to Crypto conversion and vice versa, International and Local fund transfer, Foreign Exchange, Crypto Trading, Counter-Terrorism Financing (CFT) Laws, etc.

Case Study 4: Job description, Group Chief Compliance Officer, News Corp, London, England.

The News Corp Global Compliance Programme (the Programme): The primary goal of the Programme is to prevent, detect and remediate misconduct by employees and agents of News Corp. To achieve this goal, Global Compliance promotes and enforces company-wide compliance with global policies addressing a wide range of issues, including the News Corp Standards of Business Conduct, as well as policies relating to anti-bribery and anti-corruption, sanctions and trade restrictions, modern slavery and conflicts of interest. Global Compliance also assists with workplace conduct issues, information governance, antitrust and privacy, each of which are overseen by News Corp’s subject matter experts. The Programme is then reinforced at each of its Business Units by implementing it at the local level.

The Global Compliance Team (Global Compliance): News Corp’s General Counsel and Chief Compliance Officer (CCO) heads up Global Compliance and in turn reports, through News Corp’s Audit Committee, to the News Corp Board of Directors. There are three Group Chief Compliance Officers (GCCOs): one based in New York (GCCO North America), one based in Australia (GCCO AsiaPac) and this role, based in London (GCCO UK). The GCCOs work collaboratively, but are individually focused on covering the Company's businesses in their specific geographic region, i.e. North America, Asia Pacific, and Europe. They are supported by a small support team, primarily based in the US, including a Global Compliance Counsel, a Project Manager and Training Manager.

Role of the GCCO (UK).

The GCCO is responsible for compliance oversight of the following News Corp business units: News UK, Storyful and HarperCollins Publishers, globally. Working with senior management, including the General Counsels at each of these businesses, the GCCO identifies opportunities to strengthen internal controls, develops implementation and monitoring practices to ensure implementation of the global compliance principles and policies, and, when necessary, conducts inquiries and investigations into potential violations.


- This is a full-time, 9-12 month contract position.

- Advise on questions related to anti-bribery and anti-corruption, antitrust, privacy, sanctions, modern slavery, conflicts of interest, workplace conduct issues and other compliance risks.

- Develop, implement and review compliance policies.

- Conduct M&A due diligence to identify any compliance risks of potential acquisitions.

- Conduct risk assessments with senior management to identify areas of risk. Prepare comprehensive risk council memos summarizing the assessments.

- Develop and monitor implementation plans for each business unit to ensure implementation of compliance principles and policies.

- Respond to and, when necessary, investigate complaints received on the Company's whistleblower Alertline.

- Develop and maintain effective business relationships with senior management at the business units.

- Identify, on an ongoing basis, potential areas of compliance vulnerability and risk across the Company and more specifically anticipate legal and regulatory changes in legislation, either at a global or local level, that may impact/require adjustments to the Programme.

- Ensure implementation of the Company’s third party vendor management system across the relevant business units, as well as exercising approval under relevant local due diligence processes.

- Working with Human Resources, ensure that the compliance training program and all communications, including senior management ‘tone from the top’ messaging, are effectively implemented.

- Manage and work with outside counsel and consultants as necessary.

- Exercise approval under News Corp’s global compliance policies and protocols, e.g. Gifts and Entertainment.

- Conduct in-person trainings and briefings on Global Compliance with Executive and management teams as required.

- Design, conduct and participate as required in monitoring meetings with the business units.

- Work collaboratively with CAD/Global Risk Lead in reviewing and updating status/changes in compliance risk across business units.

- Ensure Significant Allegations are reported to the CCO and investigated appropriately.


Contact IARCP


Lyn Spooner


George Lekatis

President of the International Association of Risk and Compliance Professionals (IARCP)

1200 G Street NW Suite 800, Washington DC 20005, USA - Tel: (202) 449-9750

